Large-scale studies such as IBM’s 2014 Cyber Security Intelligence Index reveal that 95% of all security breaches are the result of human error. This is well-understood by today’s cyber attackers, who know that people are the weakest link in cybersecurity.
Security breaches and compromises of information occur and result in damage to the agency, organization or business. It happens to the best and brightest: the organizations with the newest tools, the best security products and technologies, and the smartest security engineers. We implement frameworks, use encryption, control access, authenticate users, deploy patches, and even detect malware. And we still have breaches. Why?
After performing numerous security assessments and responding to a myriad of incidents, we’ve learned that despite all of the frameworks, policies, processes, and technologies, our enterprises are designed, implemented and used by humans. And humans are the one type of asset in the enterprise, unlike hardware and software, that makes mistakes. More often than not, human errors, either accidental or deliberate, are the cause of security breaches. Addressing this requires a multi-pronged approach we call Human-Based Cyber Defense.
This approach includes:
- A conceptual Framework to represent the ideas and concepts for understanding human-based vulnerabilities.
- Architectures and Techniques to reduce the likelihood of human-based breaches as well as reduce the impact when they occur.
- Using User Behavior Analytics to detect erroneous or malicious user activity that could lead to breaches.
- Going beyond conventional user training and awareness programs by implementing a program of Practice, Drills and Exercises to change human behavior.
- Creating a Business and Workplace Culture that raises the importance of security in all aspects of the business enterprise.
- Implementing a program of Human-Based Vulnerability Management to identify, detect, remediate, and track human vulnerabilities in the environment.
Human Element addresses Human-Based Cyber Defense (HBCD) in each aspect of our services, enabling our clients to integrate HBCD into all aspects of the security program.
Our Six Domains of Human-Based Cyber Defense℠ provide a framework for turning your weakest link into your biggest advantage in cybersecurity.
We developed this framework by combining diverse scientific fields including human factors engineering, human error modeling, ergonomic frameworks, social engineering, cybersecurity and computer crime.
We combined this knowledge with methods proven successful in other industries to create a solution that goes beyond what conventional security awareness training can provide.
Architecture & Techniques
Through the years, security engineers have used their knowledge of hardware and software vulnerabilities to design systems and architectures that combat them. Human Element takes this same approach using our knowledge of human vulnerabilities to implement HBCD architectures. We use our knowledge of human vulnerabilities in our design of access controls, data classification and protection techniques, network and system segmentation, and application development.
As a general principle, removing human involvement in functions that could have a security impact can be an effective way to reduce human-based cyber threats. For instance, isolating portions of the enterprise can serve to contain the impact of user actions. Likewise, solutions that automatically detect sensitive data and perform the appropriate protection mechanisms can effectively remove the threat of human-based breaches.
User Behavior Analytics
Typical Incident Detection and SOC Operations focus on external attack detection. Human Element helps organizations use User Behavior Analytics (UBA) to detect indicators of potential security incidents that are the result of human errors or malicious insider activity.
Using partner products such as Bay Dynamics Risk Fabric, Human Element focuses on individual users, monitoring their interactions and building baseline profiles to compare with historical behaviors. This allows us to detect human-caused events such as:
- Incidents involving compromised credentials
- Lateral movement on the network
- Abnormal access to critical assets
- Attacks against the corporate network, cloud services and mobile devices
- Users affected by phishing campaigns
- Unusual activity regarding user, domain administrator or service accounts, and processes running on endpoints, mobile devices and cloud services
Such analysis takes into account transaction types, resources used, session duration, connectivity and typical peer group behavior. Human Element uses UBA to determine what normal behavior is, and what constitutes outlier or anomalous activity. UBA is a key tool in combating security breaches caused by employees.
Practice, Drills & Exercises
Some things can be taught using traditional teaching methods, but other things do not lend themselves to learning by lectures, books, and videos. How do doctors learn to do surgery? How do pilots learn to fly? By practicing, using hands-on simulators or real-world situations.
Security training for employees has been tried for years, but still most breaches are caused by human error. Human Element believes the only way to reverse this trend is to teach employees using hands-on drills and practice exercises. Human Element can help organizations improve employee security behaviors by augmenting a traditional security training and awareness program with a regular program of drills and practice exercises, both individual and group. Games and competitions can be added into the mix to provide more employee involvement, discussion and learning.
Business & Workplace Culture
The primary mission of the business takes precedence over security. Likewise, the primary job of the employee takes precedence over their role in security. This situation is, of course, normal and necessary for the success of any business.
However, the degree to which security is important, or is not important, to the business and employees will drive the quantity and extent of human-based vulnerabilities and their resultant security breaches. The key is for the business entity to understand its risk and, based on that understanding, decide the extent to which security will be part of the workplace culture.
Human Element can help organizations improve their security culture by adding the human dimension to key aspects of their security program, from GRC and policy to security awareness and employee participation.
Human-Based Vulnerability Management
Remediation of human-based vulnerabilities requires a comprehensive vulnerability management program.
Like hardware and software vulnerabilities, human-based vulnerabilities must be detected, prioritized and assessed in order to choose the most appropriate remediating countermeasures and verification steps.
Human Element can help implement such a program. We'll also create and maintain a human-based vulnerability management system so program activities can be tracked and organizations can maintain situational awareness of their human assets.